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(54) Secure document and method and apparatus for producing and authenticating same. 

(57) A document secure against tampering or al- 
teration and method and! apparatus for produc- 
ing and authenticating such a document. A 
document is scanned to produce a digital signal 
which is compressed, encrypted, and coded as 
a two dimensional barcode or as some other 
appropriate form of coding, which is incorpo- 
rated into a label which is the affixed to the 
document. In one embodiment the signal repre- 
senting the image is encrypted using a public 
key encryption system and the key is 
downloaded from a center. This key maybe 
changed from time to time to increase security. 
To facilitate authentication the corresponding 
decryption key is encrypted with another key 
and incorporated on the card. To validate the 
document the coded signal is scanned from the ^ 
label, decoded, decrypted, expanded and dis- 
played. The card may then be authenticated by t£> 
comparison of the displayed representation of £ 
the image and the document 
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The subject invention relates to a document or 
similar item. More particularly, it rejates. to f a docu- 
menl or similar item which has a high degree of se- 
curity against tampering, and to methods and appa- 
ratus for producing and authenticating such docu- 
ments, 

U.S. patent no. 4,853,961; for: "Reliable Docu- 
ment Authentication System" to: Pastor; issued: Au- 
gust 1 . 1989. discloses a system wherein a document 
is authenticated by encryption using a public key en- 
cryption system. The invention of the Pastor patent 
teaches authentication of a document by encryption 
of information derived from the document^ incorpor- 
ating that encrypceo information into J he document, 
recovering the encrypted information from the docu r 
ment and decry pi ing it and comparing it to the infor- 
mat ion as originally mauded m the document.. 

While believed to be generally very effective for 
authenticating documents to detect alteration .or tam- 
pering, the abov* described invention suffers from 
certain disadvantages *ith existing documents, or 
documents which are produced to an already defined 
format. For existing documents it is necessary to in T 
put information from the oocument to create the en- 
crypted informal on Typically, this would be done 
either by manual keyboard input or by some form of 
character recognition technology. Also, where docu- 
ments are produced in large numbers to already de-. 
fined format, e.g. driver s licenses, it is difficult to t 
modify the format to provide for in corpprat ion of the 
encrypted information in accordance with the Pastor 
patent. 

The above disadvantages of the prior art are 
overcome in accordance with the subject invention by 
means of a method and apparatus for producing a, se- 
cure document and for authenticating that document. 
Apparatus for producing a secure document includes . 
a scanner for producing a firs^t .signal representative 
of an image of the dpcumenL.Jhe apparatus further 
includes an encrypterfor encrypting a second signal,. f 
which is derived, at least in part, from the first signal, 
and whicri includes a representation of the jmage; 
and a coder for incorporating a coded representation, 
of the encryption of the second signal ontpa label to : 
be affixed to the document. , 

(As used herein the term "laber preferably de- : 
scribes a conventional label such as an address label. 
However, it is within the contemplation of the subject 
invent ion. and as used herein the, term "label" means, 
any object which may incorporate the copied, repre- . 
sentation and which can be aff ixed or otherwise per- , 
manently, associated with the document.) > , .> 

Apparatus for authenticating a document so pro r , 
duced includes a reader for reading the coded repre- 
sentation of the second signal ,from the aff ixed, label, , 
a decoder for decoding, the .coded, representation of . 
the second signal, a decr.yplerfor decrypting the de- 
coded signal, ,apd a display. .fpr displaying the.repre- 
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sentation of the, .image, incorporated in the second 
signal. ... 

In accordance with the -method of the subject in- 
, vention the document to.be secured is scanned to 
produce the first signal. The second signal, which is 
derived at least in part from the first signal, and which 
■ includes a representation of the image is encrypted 
and coded and incorporated in the label to be affixed 
to the document. 

Once produced the document. is then authenti- 
cated by reading the coded representation of the sec- 
ond signal from the affixed label, decoding and de- 
crypting the second signal, and controlling a display 
, in accordance with the t decrypted second signal to 
display the representation of the image which is in- 
eluded in the, second signal. The displayed represen- 
tation of the image and the document are then com- 
pared to authenticate r the document as free from tam- 
, pering or attention, , _ - 

r Thus, it is an advantage of the subject invention 
to provide^ method t and apparatus for producing a 
. secure document, .which are easily applied to existing 
documents or documents produced in a predefined 
format. , , . r .. . 

: In accordance with one aspect of the subject in- 
vention the first signal is converted into a digital sig- 
nal for processing. 

In accordance with another aspect of the subject 
invention ; tfie,second signal includes a compressed 
for ( m of the first signal.. <: ' 

(Signal compression is well known to those skil- 
led in the art and, in the case of digital signals, in- 
volves the. application of a predetermined algorithm 
to a signal to reduce the number of bytes which must 
transmitted or processed, while still retaining sub- 
stantially all of the information represented by the 
signal.) . . , ■ , ; f . . 

In accordancewith.another aspect of the subject 
invention the second signal is encrypted using an en- 
cryption key, ft, fpr a public key encryption system. 

In accordance with, still another aspect of the 
subject invention a, decryption key, Dj which corre- 
spondencesto the key, ft, is encrypted with a second 
encryption key.ft,, for the public key encryption sys- 
tem, and the. resulting .encrypted decryption . key 
E)[DJ, is appended. to the encrypted second signal pri- 
or to incorporation. of the.second signal into the sec- 
ond portion of ^the document. 

In accordance with still another aspect of the 
subject invention the encrypted second signal is 
printed on a label asa.two dimensional barcode. 

In accordance with yet still, another aspect of the 
second invention . t the apparatus for authenticating 
the document card stor s a decryption key D,, corre- 
sponding to key;E v and the decryption of the encrypt- 
ed s cond signal includes the step of decrypting the 
encrypted key, E^DJ,. using ,the decryption key, D 1( 
to obtain the decryption key D lt which may then be 
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used to decrypt the encrypted second signal. : ' • *•■>_ 

Thus, it can be seen that th subj ct invention " 
achieves the above stated advantages by providing a 
method and apparatus for producing a secure docu- ' 
ment which includes an' image which may be easily 5 
compared to document, and which is highly resistant * 
to tampering. Other advantages of the subject inven- 
tion will be readily apparent to those skilled in the art 
from consideration of the attached drawings and the 
detailed description of a preferred, exemplary em- 10 
bodiment set forth below. ' .'■■*' 

In the drawings: ' ' * ' 

Figure 1 is a schematic block diagram of an ap-' H ' ' 
paratus for producing a secure document in accor 1 
dance with the subject invention. ' ' ; *' " " ■ '15 

Figure 2 is a schematic block diagram of an ap-' 
paratus for authenticating a secure documehV pro- 1 ' ' 
duced in accordance with the subject invention. " * M 

Figure 1 shows a schematic block diagram of ap- ' * ' ; • 
paratus 10 for producing a label L Aldocument for 11 ' 20 
whichjhe label is intended is scanned by a coWfen- ' 1 
tional video scanner 12 to produce a first signal rep- 
resentative, of that document D's image/ Preferably, 
the first signal is then converted to a digital form by ' ' 
an analog-to-digital converter 1 4 forprbcessiricf in the 1 ,!, 25 
digital domain. lt is however with in' the contemplation 
of the subject invention that at least the signal com- * : * 
pression and encryption techniques to' be described" : ' 
below may be carried out in the analog domain using" -,i 
signal compression and scrambling technologies^ welf 1 * * W 
known to* those in the analog signal processing 'arts.' 1 ' 

In one embodiment of the Subject invention, 
scanning and compression are done u^ing well 'known' ' 
Group III facsimile technology, thdugh other suitable 
scanning and compression methods are within the' 35'' 1 
contemplation of the subject invent ton. ri * " ■ ' ' 

The first signal is then input to a compression 
module 16 where it is compressed to'reduce the' ' 1 
amount of data which must be- stored oh label J U. ' . . 

It should be noted that where label L is to have 4o 
substantiafly the same form as an address'labeTor \ A 
the like, data compression is, at the present state of f ' v 'i J * 
technology, necessary. However, With 'anticipated *'■"'■■ 
improvements in data storage technology; or in appfi- . "< v 
cations where the document may comprise 1 a high ca- ' 45 '■ 
pacity storage medium (e.g. a f loppy disk); 1 it is'wtthrn 2 : f 
the contemplation of the subject inveritidn'th'at the' : ; * 
first signal may not require compression but that the 1 
full signal may be processed as will be clescYi tied f ur- ; : ' 
t her below. : 1 * ' ' ***''' '"■*"■' n * - ' so 1 ' 

Data compression algorithms, for compression of " ,h '* ' • 
image signals, are knowri totriose' skilled' in theart;' 1 - 
Preferably scanning and signal com press ton are car- 11 ; 
ried out in accordanc with the* well known standard 
for Group III facsimile transmission. Further descrip- 55 ; ■ 
tion of the operation of compressor 16 is not believed 5, 
necessary to an understanding of the subject inven- 
tion. . ... .. ■ . • . . 1 * 



The compressed first signal is then input to an 
encrypter 20 to be includ d in the ricryptecJ second 
signal which will be incorporated into label L as will be 
described further below. Preferably encrypter 20 en- 
crypts the second signal using an encryption key, E j( 
for a public key encryption system such as the well 
known RSA system. 

The encrypted second signal is then encoded in 
accordance with some predetermined format by cod- 
er module 22, which controls code generator 24 to in- 
corporate the encoded encrypted second signal in a 
portion of document. ' 

In accordance with a preferred embodiment of 
the subject invention the coded signal is coded as a 
two dimensional barcode, such as the PDF-417 stan- 
dard barcode, developed by the Symbol Technology 
Corporation of New York. However, the encrypted 
second signal may be coded into any suitable format. 
For example! for a smart card or a memory card coder 
22 and code generator 24 may store the coded sec- 
ond signal as an appropriately formatted binary data 
block. 

In the preferred embodiment where the coded- 
second signal is represented as a two dimensional 
barcode the barcode will preferably be printed on lab- ' 
^M_. ' ! ■ ' 1 ~- 

In a preferred embodiment of the subject inven- 
tion compressor module '16, encrypter module 20/ 
and coder module 22 are implemented as software' 
modules in microprocessor 26; which is preferably, an 
Intel, model 80386, dr thi like, or other microproces- 
sors of greater capacity. 

. In a preferred embodiment 6f the subject inven- 
tion a center 40 transmits encryption code E| to en- 
crypter module 20.' In Wder to increase the security 
of label L key E ( maybe changed from time to time. 
For the highest level of security key E( maybe 
changed for each card C produced, or a different key 
may even be used to encrypt different portions of the 
second signal. '* ' ' 4 4 ' 

To facilitate decryption of the second signal in ah 
environment where key E| infrequently changed cen- 
ter 40 also transmits an encr'ypfed decryption key. 
E,[D|] to be appended to the encrypted second signal 
by' coder module 22. Thus, as will be seen below, 
when document D is to be authenticated the neces- 
sary decryption key D| can be obtained by decrypting 
Ei[DJ. * " * / • • " • / ' 

Typically, en crypt ibn /decrypt ion pair E lP Di will 
remain substantially constant during operation of sys- 
tem 10. However, in applications where system 10 is 
used to produced labels L for various organizations 
different pairs EVDVrriay be used for df f fere hf organ- 
izations. »• •* :\ K-.\.",r.-: . > 

Turnihg ; noW to Figur 2 apparatus' 50 for auth n- 
ticatingalab led document Lb/ having label L affixed' 
is shown. The label Lof'carti^CHs^canhed by a bar- 
code scanner 52 having the bafpability to scan an ap- 
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propriate two dimensional barcode. The scanned sig- , , 
nal is then d coded by decod r module 54 and de- 
crypted by decrypter module 58. In. a preferred . em- 
bodiment of the subject invention decrypter 58 stores 
decryption key Dj which is used to decrypt encrypteci , ,5 
key E^Dj] to obtain decryption key Dj. Key D ( is then 
used to decrypt the decoded signal scanned from lab- 
el L. ' ; ' ' ' .' ' . 

Key D, is obtained by decrypter 58 from center 
40. Typically, D, will remain constant during operation _ 10 
of system 50, as described above, and a direct com- 
munication link between system 50 and center 40 is 
not necessary and key D, maybe transmitted in any 
convenient manner. However, for example, in one ap- 
plication, where label L has a predetermined expira- 15 
tion date it may be desirable to change key D, after 
the expiration date and if such expiration dates occur 
sufficiently often a direct communication, I ink to cen- 
ter 40 maybe included in system 50. 

Thedecrypted scan signal is then expanded in by 20 
an algorit hm complimentary to the compression algo- , 
rithm used in system 10, in a conventional manner 
which need not be described further for an under- 
standing of the subject invention. 

In a preferred embodiment. oH he subject inyen- , 25. 
tion decoder module 54, decrypter module 58, and 
expander module 60 maybe implemented as soft T 
war modules in a microprocessor 61. 

The decrypted, expanded signal , is , then dis- r . , 
played by a conventional display 62. The display in- 30 
eludes a representation Rl of the image of document 
D. To authenticate labeled document LD it is com- 
pared with representation Rl. It should be noted that 
with compression representation Rl will be somewhat 
degraded. It has been found however that using the 35 
above described Group III facsimile standard a suffi- , 
ciently accurate representation of an image of an 8 
1/2x11 size text document may be coded as approx- j 
imately 2,000 bytes of data and ( printed using thje .... 
above described PQF : 417 two dimensional barcode .40 
in an area of approximately 3.5 by 2.5 inches. Of ... 
course, as described above, with improvements in 
storage technology and/or the use of media haying a - 
higher data storage capacity as embodiments of label 
L representation Rl can be arbitrarily accurately. . 45 

The preferred embodi ments , described j above . 
hav been given by way of example only, and other . 
embodiments of the subject invention will be appa- 
rent to those skilled in the art from consideration of 
the detailed descriptions set forth above and the at- so 
tached drawings. Accordingly, limitations on the sub- 
ject invention are to be found only in the claims set 
forth below. 

55 

Claims 

1. A method of producing and auth nticating a se- 
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cure document comprising the steps of: 

a) scanning said document to produce a first 
.signal representative of an image of said at 
least.a portion of.said document; 

b) encrypting a, second signal, comprising a 
representation .of said image, said second 
signal being derived at least in part from said 

; first signal; 

c) incorporating a coded representation of 
said. encrypted second signal with said docu- 
ment; 

d) reading said. coded representation of said 
second signal from said document; 

. e) decoding said second signal: 

f) decrypting said decoded second signal; 

g) inputting said decrypted second signal to a 
display to display said representation of said 
image; , , 

h) comp3ring said document to said displayed 
image to authenticate said document 

2. A rnethod as claimed in clairn 1 wherein said sec- 
ond signal comprises a compressed form of said 
first signal. 



3. A method as claimedin claim 1 or claim 2 where- 
in said second signal is encrypted using an en- 
cryption, key, E i>; for a public key encryption sys- 
tem, " : ; t f 

4. A method as claimed in claim 3 wherein a decryp- 
tion key, D i? corresponding to said encryption 
key, Ej, is encrypted with a second encryption 
key, E t , for said public key encryption system. 

5. A method -as claimed in claim 4 wherein said en- 
crypted decryption key, E,[Dj], is appended to 
said encrypted second signal prior to incorpora- 
tion, with.said document. > < 

6. A mettiogYas claimed in claim 5 wherein said rep-, 
res en tat ion of said encrypted second signal is in- 
corporated .with said document as a two dimen- 
sional barcode. 

7. A method as claimed in claim 5 wherein decryp- 
tion of said encrypted second signal comprises 
the further steps of decrypting said encrypted 
key, E)[D t ] using,a decryption key, D|. • 

8. A method as claimed in any of claims 2 to 7 
wherein said encrypted second signal is incorpo- 
rated with said, document as a two dimensional 
barcode. 

9. A method as (Claimed- in any preceding claim 
wherein said coded representation is incorporat- 

d into a label and said label is affixed to said 
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document. lf " • *'"■ * I - 

10. A method for authenticating >a document; said 
document having a coded representation of an 
encrypted signal comprising a representation of 
an image of at least a portion of said document, 
with said document, comprising the steps of: 

a) reading said coded representation of said 
signal from said document, 

b) decoding said coded representation of said 
signal; 

c) decrypting said encrypted representation 
of said signal; and, ,: 1 11 "* --.*->- 

d) inputting said decrypted representation of 
said signal to a display for displaying said rep- 
resentation of said image; whereby, • " ,f ; 

e) said document may be authenticated by 
comparison of said document with said dis- 
played representation of said image. ' ' 

11. Amethod as claimed in claim 10 wherein said en- 
crypted signal isencirypted using ari encryption 
key, E), for a* public key encryption system. 1 * 1 ( 

12. A method as claimed in claim 11 wherein a de- 
cryption key, D, corresponding to said' key E,, is 
encrypted with a second encryption key E| for * 
said public key encryption system to form' an eri- 
crypted decryption key, E,[Di], and said encrypt- ' 
ed decryption key, E^DJ is appended to said en- 
crypted signal, and wherein said decryptioh step : 
further comprises the steps of: 

a) decrypting said encrypted decryption key, " 
E,[Dj] with a corresponding decryption key, D|, 
to recover said decryption key D(; and, 

b) decrypting said encrypted signal with said * 
key, Dj. • .•.;<<.■*■ ^mv 

13. Apparatus for authenticating a document, said 1 
document having a coded representation of an 
encrypted signal compressing a representation" 
of a image of at least a portion of said document^ 
incorporated with said document; comprising: 

a) means for reading said coded representa- 
tion of said signal from said document; 

b) < decoding means, responsive to 1 said' re 'ad^ 1 
ing means for decoding said coded repres'en-' 
tat ion of said signal; \ ' 

c) decrypting means; responsive to 5 said de- 
coding means, for decrypting said decoded 
representation of said signal, arid,* w.: 

d) display means, r sponsive to said decrypt- * 
ing means, for displaying said representation 1 
of said image: wher by, 

e) said document may b authenticated by 
comparison of said document with said dis- 1 
played representation of'said image: - 



14. An apparatus as claimed in claim 1 3 wherein said 
ncrypted signal is encrypt d using an encryp- 
tion key, E(, for a public key encryption system. 

5 15. Apparatus' as claimed in claim 14 wherein a de- 
cryption key, D f , corresponding to said key E f ; is 
encrypted 'with an encryption key E t for said pub- 
lic key encryption system to form an encrypted 
decryption 'key E ? [D(]; and said encrypted de- 

10 cryptidn key E|[DJ is appended to said encrypted 

signal, and said decrypting means further com- 
prises:'' 

a) means for decrypting said encrypted de- 
crypt ion' key, E^,] with a corresponding de- 

15 cryp'tibri key, D,, to recover said decryption 

key, D t ; and 

b) means for decrypting said encrypted signal 
using said key, Dj. * 

20 1 6. A document, comprising an encoded representa- 
tion of an "encrypted signal comprising a repre- 
sentation of an image of at least a portion of said 
document. 

25 17. A document as claimed in claim 16 wherein said 
digital signal is encrypted using an encryption, 
key, Ei for a public Key encryption system! 
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18. Adocument as claimed in claim 17 wherein a de-' 
crypt ion key, b,! corresponding to said encryp- 
tion key, E (f is encrypted with a second encrypt 
tion key, E^ forsaia* public key encryption system, 
to produce ah encrypted description key, E t [Dj], R 
and said encrypted decryption key, E,[D,], is ap-„ 
pendefd to said digital signal prior to incorporation 
with said document. 

19. A document as claimed in claim 16 wherein said 
representation of said encrypted digital signal is 

1 incorporated with said document portion as a two 
dimensional barcode. ' • 



20. 



A label for securing in, to or in association with an 
associated document, said label incorporating an 
encoded representation of f an encrypted signal, 
said signal comprising a representation of an im- 
age of said document. ' : 
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Secure document and method and apparatus for producing and authenticating same 



(57) A document secure *q.-i nst tampering or alter- 
ation and method and apparatus (of producing and au- 
thenticating such a document A ticcumenl is scanned 
to produce a digital signal which is compressed J en^ 
crypted, and coded as a two cimensicxvil barcode or as 
some other appropriate form of cocmc which is incor- 
porated into a label which is the affix od to the document. 
In one embodiment the signal representing the image is 
encrypted using a public key encyphon system and the 



key is downloaded from a center This key maybe 
changed from time to time to increase security. To facil- 
itate authentication the corresponding decryption key is 
encrypted with another key and incorporated on the 
card. To validate the document the coded signal is 
scanned from the label, decoded, decrypted, expanded 
and displayed. The card may then be authenticated by 
comparison of the displayed representation of the image 
and the document. 
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